WordPress Redirect Malware Hidden in Google Tag Manager Code
Puja Srivastava Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after…
Browsing Tag
Redirects
130 posts
Attackers Inject Code into WordPress Theme to Redirect Visitors
Matt Morrow In a recent article we discussed some of the reasons sites are frequently attacked. That article covered browser redirects, and we’ll explore an example of…
What Motivates Website Malware Attacks?
Ben Martin The depiction in the media of hackers tends to be that of balaclava-wearing villains who type furiously in a dark basement, motivated by nothing but…
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted…
Rogue Ads Redirect Visitors
Ads are everywhere. They generate revenue for site owners and can present related content to the website being visited. As detailed in previous articles, bad…
Indonesian Gambling Redirect Hiding in Plain Sight
Kayleigh Martin Many pieces of malware found over the years have been complex and difficult to find. Attackers often obfuscate their code to make it harder to…
SiteCheck Remote Website Scanner — Mid-Year 2024 Report
Kyle Knight Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote website scanners may not…
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the…
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…
Thousands of Sites with Popup Builder Compromised by Balada Injector
Denis Sinegubko On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)
If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam…